The C fopen() function is used to open an existing file or create a new one. The C11 versions of the fopen() and fopen_s() functions provide a mode flag, x, that provides the mechanism needed to determine whether the file to be opened already exists. Not using this mode flag can lead to a program overwriting or accessing an unintended file.
...
```c
char *file_name;
FILE *fp;
/* Initialize file_name */
fp = fopen(file_name, "w");
if (!fp) {
  /* Handle error */
}
```
...
Compliant Solution (fopen
...
("x"), C11
...
)
The C11 Annex K fopen_s() function is designed to improve the security of the fopen() function. Starting in C11, a new mode suffix ("x") was added to the fopen() function. Like the fopen() function, fopen_s() provides a mechanism to determine whether the file exists. See below for use of the exclusive mode flag.
```c
char *file_name;
FILE *fp;
/* Initialize file_name */
errno_t res = fopen_s(&fp, file_name, "w");
if (res != 0) {
  /* Handle error */
}
```
Compliant Solution (fopen_s(), C11 Annex K)
The C Standard provides a new flag to address this problem, which causes fopen() to return NULL if the file already exists or cannot be created. Subclause 7.21.5.3, paragraph 5 [ISO/IEC 9899:2011], states:
...
This option is also provided by the GNU C library [Loosemore 2007].
This compliant solution uses the x mode character to instruct fopen_s() to fail rather than open an existing file:
```c
char *file_name;
FILE *fp;
/* Initialize file_name */
errno_t res = fopen_s(&fp, file_name, "wx");
if (res != 0) {
  /* Handle error */
}
```
Use of this option allows for the easy remediation of legacy code. However, note that Microsoft Visual Studio 2012 and earlier do not support the x mode character [MSDN].
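The effect of the x mode character on an existing file, as an added example (not code from this page): it calls fopen() with "wx" rather than fopen_s(), because glibc does not implement Annex K. The helper names and the sample path are hypothetical, and distinguishing "already exists" through EEXIST assumes a POSIX C library.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: write data to path only if path does not exist yet.
 * Returns 0 if created, 1 if it already existed, -1 on any other failure. */
int create_exclusive(const char *path, const char *data) {
  errno = 0;
  FILE *fp = fopen(path, "wx"); /* "x": fail rather than open an existing file */
  if (fp == NULL) {
    /* C11 only promises NULL here; EEXIST is the POSIX errno (assumption). */
    return (errno == EEXIST) ? 1 : -1;
  }
  int rc = (fputs(data, fp) == EOF) ? -1 : 0;
  if (fclose(fp) == EOF) rc = -1;
  return rc;
}

/* Hypothetical helper: the legacy "w" call, which truncates an existing file. */
int create_truncating(const char *path, const char *data) {
  FILE *fp = fopen(path, "w");
  if (fp == NULL) return -1;
  int rc = (fputs(data, fp) == EOF) ? -1 : 0;
  if (fclose(fp) == EOF) rc = -1;
  return rc;
}

/* Returns 1 if the file content equals expected, 0 if not, -1 on error. */
int file_equals(const char *path, const char *expected) {
  char buf[64];
  FILE *fp = fopen(path, "r");
  if (fp == NULL) return -1;
  size_t n = fread(buf, 1, sizeof buf - 1, fp);
  fclose(fp);
  buf[n] = '\0';
  return strcmp(buf, expected) == 0;
}

int main(void) {
  const char *path = "fio03_demo.tmp"; /* constructed sample path */
  remove(path);
  printf("first wx:  %d\n", create_exclusive(path, "original"));
  printf("second wx: %d\n", create_exclusive(path, "clobbered"));
  printf("intact:    %d\n", file_equals(path, "original"));
  printf("plain w:   %d\n", create_truncating(path, "clobbered"));
  printf("replaced:  %d\n", file_equals(path, "clobbered"));
  remove(path);
  return 0;
}
```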
Compliant Solution (open(), POSIX)
...
| SEI CERT C++ Coding Standard | VOID FIO03-CPP. Do not make assumptions about fopen() and file creation |
| ISO/IEC TR 24731-1:2007 | Section 6.5.2.1, "The fopen_s Function" |
Bibliography
| [Callaghan 1995] | IETF RFC 1813 NFS Version 3 Protocol Specification |
| [IEEE Std 1003.1:2013] | System Interfaces: open |
| [ISO/IEC 9899:2011] | Subclause 7.21.5.3, "The fopen Function"; Subclause K |
| [Loosemore 2007] | Section 12.3, "Opening Streams" |
| [Seacord 2013] | Chapter 8, "File I/O" |
...